What is phishing?
Online phishing is a method of identity theft meant to trick an unsuspecting user to reveal personal or financial information online. Phishers pretend to be trusted businesses in order to steal usernames, passwords, credit card numbers, billing information etc.
How do I identify a phishing email?
A phishing email appears to come from Samba or other organization asking you to take action of some sort e.g. updating your account information. A phishing scam will ask you to reveal personal information.
Any email that you receive from a reputable institution such as Samba, eBay, Amazon, etc., will NEVER EVER ask you for your password or other personal information. It is the type of confidential information that is being requested which should serve as a warning to you.
Do not respond to the following:
- Urgent requests for personal financial information
- Alarmist statements that tell you to act immediately
- Requests for "restricted" information, including usernames, passwords and account numbers
- Messages with an unusual ‘From’ address or an unusual ‘Reply-To’ address
Note that the screenshot above appears to be legitimate at first sight, but it is not. The browser address bar shows a URL other than that of Samba.
Samba will never ask you for your username, password, or similar restricted data, through email, phone, text or any other means.
What if I receive a phishing email?
In case you receive a phishing email from someone posing as Samba,
- Do not respond to the email.
- Forward that email immediately to firstname.lastname@example.org
- Delete the email without clicking on any link in the email
- Ignore any phone number mentioned in the email
What if I receive a phone call asking for my personal details?
Samba will never call you and ask for your personal details. Such phone calls are NOT legitimate. In case of such a request, call SambaPhone and give them the Caller ID.
If I come across a website I think is phishing, how do I report it?
Report a suspicious website by calling SambaPhone or by sending the website URL to email@example.com.
What should I do if I think I've entered my personal or financial information into a phishing website or I've been a victim of phishing?
Please do the following immediately:
- Contact SambaPhone and tell them about the email and what sort of information you have entered.
- Follow the instructions from the SambaPhone professional
- Change the passwords or PINs on all your online accounts immediately
How did the phishers get my email address?
Phishers do not target individuals, but send out thousands of scam emails to randomly generated email addresses in the hope that some will be successful. They also search the web for valid addresses they can use and exchange this information with each other. If you have ever posted on an internet forum or published something on the web, there's a good chance your address will be targeted by the phishers. If you have fallen victim before, your address is normally added to a list of 'easy victims' and you are likely to then receive even more scams.
"Forwarded" emails are also good source of email addresses. Spammers start mail chains in the hope of getting a list of live email addresses. Refrain from forwarding emails or if it is absolutely necessary, then remove all unnecessary email addresses from the email before sending it.
What can I do to help protect myself from online phishing?
Be very careful with your personal information. Samba will never ask you to reveal your personal information such as passwords and account numbers through email.
- Be cautious about providing sensitive data in an email message, instant message, or pop-up window
- Be wary of clicking links in email messages and instant messages
- If you are going to visit any site where you intend to enter your account details or similar information, you should only go there by typing the site's address directly into the browser address bar and not by clicking a link in an email. This is the only way to be sure you are visiting the real site and not a fake one.
- Never give out your personal details.
Is it safe to enter my user-ID/password anywhere on the Bank's official site?
Please do not enter any confidential information (user-ID/password) on any online resource except the designated pages for entering your username and password, even on the official Samba site.
What is the official website of the Bank?
The official website of the Bank is provided in your account statements and other official communication from Samba. Please do not enter any account-related information, PIN or any other personal information on any site other than the Bank's official site. If in doubt about a site, please contact SambaPhone or your relationship manager to verify.
How do I ensure that the site I am visiting belongs to Samba?
Please do not trust any site even if it bears the Samba logo or looks and feels like the bank's website. You should only trust a site if you have entered the site address (provided by Samba through an official communication, e.g., a letter or your account statement) yourself in the address bar of your browser. If you have come to the site by clicking a link, please ensure that the site address (in the address bar of the browser) is the one provided by Samba through official communication.